List of IP addresses or CIDR subnets that should be allowed to access the SSH
service. If it's set, access from hosts and networks not specified here is
denied in TCP Wrappers and limited in iptables. This is a global list.

List of IP addresses or CIDR subnets that should be allowed to access the SSH
service. If it's set, access from hosts and networks not specified here is
denied in TCP Wrappers and limited in iptables. This is a group list.

List of IP addresses or CIDR subnets that should be allowed to access the SSH
service. If it's set, access from hosts and networks not specified here is
denied in TCP Wrappers and limited in iptables. This is a host list.

Specify the "weight" of the sshd firewall rules. The more weight they
have, the later in the firewall they will be defined. If you change the
default weight, you will need to remove the old rules manually from the remote
host.

Enable or disable limited SSH access from all hosts in ip(6)tables.
Recent new connections are filtered, and when too many new connections are
created in the specified time window, the host is added to the recent blocklist.

Maximum number of unauthenticated connections (3), after which there's an 80%
probability that the next unauthenticated connection will be dropped, finishing
at 7, after which all new unauthenticated connections will be refused.

Specify if sshd should use unprivileged processes for incoming session
authentication. Setting this to sandbox enables use of additional
kernel restrictions. This option has no effect with sshd version 7.5+
since privilege separation became mandatory.

List of additional key exchange algorithms which should be used by the
sshd server, depending on available version, ordered from stronger to
weaker. Newer version supersedes older version.

Dict with list of message authentication code algorithms which should be used
by the sshd server, depending on available version, ordered from stronger
to weaker. Newer version supersedes older version.

sshd__ferm__dependent_rules:

  - type: 'accept'
    dport: '{{ sshd__ferm_ports }}'
    weight: '0'
    weight_class: 'sshd-chain'
    name: 'sshd_jump-filter-ssh'
    target: '{{ sshd__ferm_limit_chain }}'
    rule_state: '{{ "present" if sshd__ferm_limit|bool else "absent" }}'
    comment: 'Create a separate "iptables" chain for SSH rules'

  - chain: '{{ sshd__ferm_limit_chain if sshd__ferm_limit|bool else "INPUT" }}'
    type: 'accept'
    dport: '{{ sshd__ferm_ports }}'
    saddr: '{{ sshd__whitelist + sshd__group_whitelist + sshd__host_whitelist }}'
    weight: '1'
    weight_class: 'sshd-chain'
    name: 'sshd_whitelist'
    subchain: False
    accept_any: False
    comment: 'Accept any hosts in the whitelist unconditionally'

  - chain: '{{ sshd__ferm_limit_chain if sshd__ferm_limit|bool else "INPUT" }}'
    type: 'accept'
    dport: '{{ sshd__ferm_ports }}'
    saddr: '{{ sshd__allow + sshd__group_allow + sshd__host_allow }}'
    weight: '2'
    weight_class: 'sshd-chain'
    name: 'sshd_allow'
    subchain: False
    accept_any: '{{ False if sshd__ferm_limit|bool else True }}'
    comment: |
      Accept any hosts in the allow list. If there are any hosts specified,
      block connections from other hosts using TCP Wrappers.

  - chain: '{{ sshd__ferm_limit_chain }}'
    type: 'recent'
    weight: '3'
    weight_class: 'sshd-chain'
    name: 'sshd_block-ssh'
    dport: '{{ sshd__ferm_ports }}'
    state: [ 'NEW' ]
    subchain: False
    recent_name: 'ssh-new'
    recent_update: True
    recent_seconds: '{{ sshd__ferm_limit_seconds }}'
    recent_hitcount: '{{ sshd__ferm_limit_hits }}'
    recent_target: 'REJECT'
    rule_state: '{{ "present" if sshd__ferm_limit|bool else "absent" }}'
    comment: |
      Block new SSH connections that have been marked as recent if they make
      too many new connection attempts.

  - chain: '{{ sshd__ferm_limit_chain }}'
    type: 'recent'
    weight: '4'
    weight_class: 'sshd-chain'
    name: 'sshd_mark-ssh'
    dport: '{{ sshd__ferm_ports }}'
    state: [ 'NEW' ]
    subchain: False
    recent_set_name: 'ssh-new'
    recent_log: False
    rule_state: '{{ "present" if sshd__ferm_limit|bool else "absent" }}'
    comment: 'Mark new connections to the SSH service for recent tracking'

  - chain: '{{ sshd__ferm_limit_chain }}'
    type: 'accept'
    weight: '5'
    weight_class: 'sshd-chain'
    role: 'sshd'
    role_weight: '60'
    name: 'sshd_accept-ssh'
    dport: '{{ sshd__ferm_ports }}'
    rule_state: '{{ "present" if sshd__ferm_limit|bool else "absent" }}'
    comment: 'Accept connections to the SSH service'
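
The order in which the rules above evaluate a new connection, traced in Python as an added example (not part of the role's own code): the whitelist and allow list are accepted first, then the `ssh-new` recent list is checked with `update` before the connection is marked and accepted. `LIMIT_SECONDS`, `LIMIT_HITS`, the function names and the sample addresses are assumptions made for illustration, and the kernel's cap on stored timestamps per address is not modelled.

```python
import ipaddress

# Assumed values for this example; the page does not state the role's defaults.
LIMIT_SECONDS = 300   # stands in for sshd__ferm_limit_seconds
LIMIT_HITS = 3        # stands in for sshd__ferm_limit_hits


def in_list(addr, entries):
    """True if addr is inside any IP address or CIDR subnet in entries."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)


def filter_ssh(events, whitelist=(), allow=()):
    """Walk each NEW connection (time, source) through the rules by weight."""
    recent = {}    # the 'ssh-new' list: source address -> hit timestamps
    verdicts = []
    for now, src in events:
        # weight 1 and 2: whitelist and allow list are accepted before tracking
        if in_list(src, whitelist) or in_list(src, allow):
            verdicts.append("ACCEPT")
            continue
        stamps = recent.setdefault(src, [])
        hits = sum(1 for t in stamps if now - t <= LIMIT_SECONDS)
        if hits >= LIMIT_HITS:
            # weight 3: the 'update' match fires, refreshes the entry, rejects
            stamps.append(now)
            verdicts.append("REJECT")
            continue
        # weight 4 marks the connection, weight 5 accepts it
        stamps.append(now)
        verdicts.append("ACCEPT")
    return verdicts


# Constructed sample: one noisy host and one allow-listed host
# (addresses taken from the documentation ranges).
SAMPLE = [(0, "203.0.113.9"), (10, "203.0.113.9"), (20, "203.0.113.9"),
          (30, "203.0.113.9"), (40, "198.51.100.7"), (250, "203.0.113.9"),
          (315, "203.0.113.9"), (700, "203.0.113.9")]

if __name__ == "__main__":
    verdicts = filter_ssh(SAMPLE, allow=["198.51.100.0/24"])
    for event, verdict in zip(SAMPLE, verdicts):
        print(event, verdict)
```

The connection at 315 seconds is still rejected only because the rejected attempts at 30 and 250 seconds refreshed the entry; a host that keeps retrying while blocked extends its own block.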